[openssl] master update

Matt Caswell matt at openssl.org
Wed Apr 1 16:42:08 UTC 2020


The branch master has been updated
       via  beb958ccd87b95f1a86bfe2b879492b62e58d80e (commit)
       via  5093fec23b2fd724e688d01857ea4dc6cd18cf38 (commit)
       via  d882e4ce56eff950ae27cecaafe164751779c12a (commit)
       via  fc69f32cd6852e60627969138be80cc665a573dd (commit)
      from  fe56d5951f0b42fd3ff1cf42a96d07f06f9692bc (commit)


- Log -----------------------------------------------------------------
commit beb958ccd87b95f1a86bfe2b879492b62e58d80e
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Mar 16 17:03:08 2020 +0000

    Extend the sslprovider_test to be able to additionally test FIPS
    
    Previously we could test an empty default ctx, with the default provider
    loaded into another ctx. Now we do the same with the FIPS provider.
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11401)

commit 5093fec23b2fd724e688d01857ea4dc6cd18cf38
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 14:51:34 2020 +0000

    Make sure we always use the correct libctx in sslprovidertest.c
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11401)

commit d882e4ce56eff950ae27cecaafe164751779c12a
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 14:49:19 2020 +0000

    Make sure we use the libctx when creating an EVP_PKEY_CTX in libssl
    
    We should use EVP_PKEY_CTX_new_from_pkey() to ensure we use the correct
    libctx.
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11401)

commit fc69f32cd6852e60627969138be80cc665a573dd
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 14:46:30 2020 +0000

    Use EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex in libssl
    
    We need to make sure we use the correct libctx for all operations in
    libssl.
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11401)

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_lib.c                       | 31 ++++++++++--
 ssl/statem/extensions.c            |  3 +-
 ssl/statem/extensions_srvr.c       |  6 ++-
 ssl/statem/statem_clnt.c           |  4 +-
 ssl/statem/statem_lib.c            |  8 ++-
 ssl/statem/statem_srvr.c           |  4 +-
 ssl/t1_enc.c                       |  4 +-
 test/recipes/90-test_sslprovider.t | 38 +++++++++++++--
 test/sslprovidertest.c             | 99 +++++++++++++++++++++++---------------
 9 files changed, 144 insertions(+), 53 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9060ee38f0..5373fafc36 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4728,19 +4728,33 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
      */
 # ifndef OPENSSL_NO_DH
     if (gtype == TLS_GROUP_FFDHE)
+#  if 0
+        pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq);
+#  else
         pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
+#  endif
 #  ifndef OPENSSL_NO_EC
     else
-#  endif
-# endif
+#  endif /* OPENSSL_NO_EC */
+# endif /* OPENSSL_NO_DH */
 # ifndef OPENSSL_NO_EC
     {
+        /*
+         * TODO(3.0): When provider based EC key gen is present we can enable
+         * this code.
+         */
         if (gtype == TLS_GROUP_CURVE_CUSTOM)
             pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
         else
+#  if 0
+            pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "EC",
+                                              s->ctx->propq);
+#  else
             pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+#  endif
+
     }
-# endif
+# endif /* OPENSSL_NO_EC */
     if (pctx == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
                  ERR_R_MALLOC_FAILURE);
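Review bot: The `#if 0` around the FFDHE `EVP_PKEY_CTX_new_from_name()` call carries no explanation, because the added TODO(3.0) comment sits inside the EC branch and mentions EC key gen only. The code that still runs is `EVP_PKEY_CTX_new_id(..., NULL)`, so key-share generation appears to remain outside `s->ctx->libctx` and `s->ctx->propq`, which matters to anyone who expects an SSL_CTX built on a FIPS-only libctx to keep all operations in that provider. I would move the comment above the first `#if 0` and word it as `/* TODO(3.0): enable when provider based DH and EC key gen is present; until then key gen does not use s->ctx->libctx */`. The disabled `pkey_ctx_name` declaration in the next ssl_generate_param_group hunk has the same lack of a local explanation. ssl_generate_pkey_group starts and ends outside this hunk.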
@@ -4806,7 +4820,11 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL;
     const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+#if 0
+    const char *pkey_ctx_name;
+#else
     int pkey_ctx_id;
+#endif
 
     if (ginf == NULL)
         goto err;
@@ -4824,9 +4842,16 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
      * s->ctx->libctx and s->ctx->propq when paramgen has been updated to be
      * provider aware.
      */
+#if 0
+    pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC";
+    pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name,
+                                      s->ctx->propq);
+#else
     pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE)
                         ? EVP_PKEY_DH : EVP_PKEY_EC;
     pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL);
+#endif
+
     if (pctx == NULL)
         goto err;
     if (EVP_PKEY_paramgen_init(pctx) <= 0)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index d4c6c924eb..1f29b8d64d 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1595,7 +1595,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
         binderout = tmpbinder;
 
     bindersize = hashsize;
-    if (EVP_DigestSignInit(mctx, NULL, md, NULL, mackey) <= 0
+    if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->propq,
+                              mackey, s->ctx->libctx) <= 0
             || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
             || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
             || bindersize != hashsize) {
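Review bot: `EVP_MD_name(md)` is passed here without the `md == NULL ? NULL : EVP_MD_name(md)` guard that the same push uses in statem_clnt.c, statem_lib.c and statem_srvr.c, and the t1_enc.c hunk does the same with `EVP_MD_name(m)`. The hunk does not show where md is validated, so the unguarded form may well be safe, but the difference reads as accidental. Either use the guarded expression or add a one-line comment such as `/* md cannot be NULL here */` at both sites so the difference is deliberate. tls_psk_do_binder continues outside the hunk.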
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 9649420012..549a207430 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -780,7 +780,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
     }
 
     hmaclen = SHA256_DIGEST_LENGTH;
-    if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0
+    if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->propq, pkey,
+                              s->ctx->libctx) <= 0
             || EVP_DigestSign(hctx, hmac, &hmaclen, data,
                               rawlen - SHA256_DIGEST_LENGTH) <= 0
             || hmaclen != SHA256_DIGEST_LENGTH) {
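Review bot: The digest is now selected by the string literal `"SHA2-256"` while the length checks beside it still use `SHA256_DIGEST_LENGTH`, and the same literal is repeated in the tls_construct_stoc_cookie hunk. The cookie HMAC only verifies if both functions name the same digest and that digest matches the length constant, so a single definition would keep them in step, for example `#define COOKIE_MD_NAME "SHA2-256" /* must match SHA256_DIGEST_LENGTH */` (the name is only a suggestion). tls_parse_ctos_cookie starts and ends outside this hunk.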
@@ -1864,7 +1865,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
         goto err;
     }
 
-    if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0
+    if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->propq, pkey,
+                              s->ctx->libctx) <= 0
             || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
                               totcookielen) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 4c4e6cb209..cdd413d1ef 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2362,7 +2362,9 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
             goto err;
         }
 
-        if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+        if (EVP_DigestVerifyInit_ex(md_ctx, &pctx,
+                                    md == NULL ? NULL : EVP_MD_name(md),
+                                    s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
                      ERR_R_EVP_LIB);
             goto err;
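Review bot: The expression `md == NULL ? NULL : EVP_MD_name(md)` is introduced here and repeated verbatim in both statem_lib.c hunks and in the statem_srvr.c hunk. A small static helper that maps a possibly-NULL `const EVP_MD *` to its name would remove the repetition and give one place to document why NULL is passed through. This is a style point only; the function body continues outside the hunk.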
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 812dabe860..e9cfee027e 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -272,7 +272,9 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
         goto err;
     }
 
-    if (EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+    if (EVP_DigestSignInit_ex(mctx, &pctx,
+                              md == NULL ? NULL : EVP_MD_name(md),
+                              s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
                  ERR_R_EVP_LIB);
         goto err;
@@ -465,7 +467,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
     OSSL_TRACE1(TLS, "Using client verify alg %s\n",
                 md == NULL ? "n/a" : EVP_MD_name(md));
 
-    if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+    if (EVP_DigestVerifyInit_ex(mctx, &pctx,
+                                md == NULL ? NULL : EVP_MD_name(md),
+                                s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
                  ERR_R_EVP_LIB);
         goto err;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 7ca76fc0fe..43f9811163 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2795,7 +2795,9 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
             goto err;
         }
 
-        if (EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+        if (EVP_DigestSignInit_ex(md_ctx, &pctx,
+                                  md == NULL ? NULL : EVP_MD_name(md),
+                                  s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                      SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
                      ERR_R_INTERNAL_ERROR);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 1a0d5eba87..c50905589b 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -326,7 +326,9 @@ int tls1_change_cipher_state(SSL *s, int which)
         mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
                                                (int)*mac_secret_size);
         if (mac_key == NULL
-            || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
+            || EVP_DigestSignInit_ex(mac_ctx, NULL,
+                                     EVP_MD_name(m), s->ctx->propq,
+                                     mac_key, s->ctx->libctx) <= 0) {
             EVP_PKEY_free(mac_key);
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
                      ERR_R_INTERNAL_ERROR);
diff --git a/test/recipes/90-test_sslprovider.t b/test/recipes/90-test_sslprovider.t
index 9781091bba..f0ff38a386 100644
--- a/test/recipes/90-test_sslprovider.t
+++ b/test/recipes/90-test_sslprovider.t
@@ -8,14 +8,46 @@
 
 
 use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_dir/;
+use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_file bldtop_dir/;
 
+BEGIN {
 setup("test_sslprovider");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
 
 plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
     if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
 
-plan tests => 1;
+plan tests => 3;
+
+$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
+$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
+
+SKIP: {
+    skip "Skipping FIPS installation", 1
+        if disabled("fips");
 
-ok(run(test(["sslprovidertest", srctop_dir("test", "certs")])),
+    ok(run(app(['openssl', 'fipsinstall',
+                '-out', bldtop_file('providers', 'fipsinstall.cnf'),
+                '-module', bldtop_file('providers', platform->dso('fips')),
+                '-provider_name', 'fips', '-mac_name', 'HMAC',
+                '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+                '-section_name', 'fips_sect'])),
+       "fipsinstall");
+}
+
+ok(run(test(["sslprovidertest", srctop_dir("test", "certs"), "default",
+             srctop_file("test", "default.cnf")])),
              "running sslprovidertest");
+
+SKIP: {
+    skip "Skipping FIPS provider test", 1
+        if disabled("fips");
+
+    ok(run(test(["sslprovidertest", srctop_dir("test", "certs"), "fips",
+                 srctop_file("test", "fips.cnf")])),
+                 "running sslprovidertest");
+}
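Review bot: Both sslprovidertest runs are reported under the same description, `"running sslprovidertest"`, so a failure line in the test log does not say whether the default or the FIPS provider run failed. I would name them `"running sslprovidertest (default)"` and `"running sslprovidertest (fips)"`. The fipsinstall step also uses the fixed key `hexkey:00` for the module integrity MAC; a comment such as `# test-only integrity key, not suitable for a real FIPS install` would keep the line from being copied into deployment scripts.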
diff --git a/test/sslprovidertest.c b/test/sslprovidertest.c
index 9a27d009ce..5f78554fb9 100644
--- a/test/sslprovidertest.c
+++ b/test/sslprovidertest.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <string.h>
 #include <openssl/provider.h>
 
 #include "ssltestlib.h"
@@ -14,11 +15,10 @@
 
 static char *cert = NULL;
 static char *privkey = NULL;
+static char *modulename = NULL;
+static char *configfile = NULL;
 
-/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
-#if 0
-OSSL_PROVIDER *defctxlegacy = NULL;
-#endif
+static OSSL_PROVIDER *defctxlegacy = NULL;
 
 static int test_different_libctx(void)
 {
@@ -26,13 +26,29 @@ static int test_different_libctx(void)
     SSL *clientssl = NULL, *serverssl = NULL;
     int testresult = 0;
     OPENSSL_CTX *libctx = OPENSSL_CTX_new();
+    OSSL_PROVIDER *prov = NULL;
 
-/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
-#if 0
-    /* Verify that the default provider in the default libctx is not available */
-    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
+    /*
+     * Verify that the default and fips providers in the default libctx are not
+     * available
+     */
+    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
+            || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
+        goto end;
+
+    if (!TEST_true(OPENSSL_CTX_load_config(libctx, configfile)))
         goto end;
-#endif
+
+    prov = OSSL_PROVIDER_load(libctx, modulename);
+    if (!TEST_ptr(prov)
+               /* Check we have the provider available */
+            || !TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
+        goto end;
+    /* Check the default provider is not available */
+    if (strcmp(modulename, "default") != 0
+            && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
+        goto end;
+    TEST_note("%s provider loaded", modulename);
 
     cctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method());
     if (!TEST_ptr(cctx))
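Review bot: `libctx` from `OPENSSL_CTX_new()` is never checked before the new `OPENSSL_CTX_load_config(libctx, configfile)` and `OSSL_PROVIDER_load(libctx, modulename)` calls. The test itself passes NULL to mean the default library context, so a failed allocation would presumably load the config and provider into exactly the context this test is meant to keep empty. Adding `if (!TEST_ptr(libctx)) goto end;` before the first provider check makes that failure explicit. The comment `/* Check we have the provider available */` is also indented deeper than the condition it describes.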
@@ -41,11 +57,21 @@ static int test_different_libctx(void)
     if (!TEST_ptr(sctx))
         goto end;
 
+    /*
+     * TODO(3.0): Make this work in TLSv1.3. Currently we can only do RSA key
+     * exchange, because we don't have key gen/param gen for EC yet - which
+     * implies TLSv1.2 only
+     */
     if (!TEST_true(create_ssl_ctx_pair(NULL,
                                        NULL,
                                        TLS1_VERSION,
-                                       0,
-                                       &sctx, NULL, cert, privkey)))
+                                       TLS1_2_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
+        goto end;
+
+    /* Ensure we use a FIPS compatible ciphersuite and sigalg */
+    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA256"))
+            || !TEST_true(SSL_CTX_set1_sigalgs_list(cctx, "RSA+SHA256")))
         goto end;
 
     if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
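Review bot: Pinning the client to `AES128-SHA256` with `RSA+SHA256` gives an RSA key exchange, as the TODO says. The handshake therefore most likely never reaches the `EVP_DigestSignInit_ex`/`EVP_DigestVerifyInit_ex` calls this push adds for the server key exchange, the certificate-verify functions or the cookie code. A passing run then says little about whether those paths stay inside the selected libctx. I would extend the TODO with a line such as `* Until then the ServerKeyExchange, CertificateVerify and cookie signing paths are not covered by this test.` so the gap is recorded.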
@@ -56,15 +82,13 @@ static int test_different_libctx(void)
     if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
         goto end;
 
-/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
-#if 0
     /*
-     * Verify that the default provider in the default libctx is still not
-     * available
+     * Verify that the default and fips providers in the default libctx are
+     * still not available
      */
-    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
+    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
+            || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
         goto end;
-#endif
 
     testresult = 1;
 
@@ -74,6 +98,7 @@ static int test_different_libctx(void)
     SSL_CTX_free(sctx);
     SSL_CTX_free(cctx);
 
+    OSSL_PROVIDER_unload(prov);
     OPENSSL_CTX_free(libctx);
 
     return testresult;
@@ -82,26 +107,15 @@ static int test_different_libctx(void)
 int setup_tests(void)
 {
     char *certsdir = NULL;
-    /*
-     * TODO(3.0): Re-enable this code when key generation is provider aware. At
-     * the moment the below causes the tests to fail because libssl attempts to
-     * generate a key for the key_share, which ultimately invokes RAND_bytes().
-     * However, because key generation is not yet provider aware it just uses
-     * the default library context - and hence fails.
-     */
-#if 0
-    /*
-     * For tests in this file we want to ensure the default ctx does not have
-     * the default provider loaded into the default ctx. So we load "legacy" to
-     * prevent default from being auto-loaded. This tests that there is no
-     * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the
-     * specific libctx to be used - nothing should fall back to the default
-     * libctx
-     */
-    defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy");
-#endif
 
-    if (!TEST_ptr(certsdir = test_get_argument(0)))
+    if (!test_skip_common_options()) {
+        TEST_error("Error parsing test options\n");
+        return 0;
+    }
+
+    if (!TEST_ptr(certsdir = test_get_argument(0))
+            || !TEST_ptr(modulename = test_get_argument(1))
+            || !TEST_ptr(configfile = test_get_argument(2)))
         return 0;
 
     cert = test_mk_file_path(certsdir, "servercert.pem");
@@ -114,6 +128,16 @@ int setup_tests(void)
         return 0;
     }
 
+    /*
+     * For tests in this file we want to ensure the default ctx does not have
+     * the default provider loaded into the default ctx. So we load "legacy" to
+     * prevent default from being auto-loaded. This tests that there is no
+     * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the
+     * specific libctx to be used - nothing should fall back to the default
+     * libctx
+     */
+    defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy");
+
     ADD_TEST(test_different_libctx);
 
     return 1;
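Review bot: The result of `OSSL_PROVIDER_load(NULL, "legacy")` is stored but never checked, although the comment above it says the isolation test depends on this load to keep the default provider from being auto-loaded. If the legacy module cannot be loaded, the failure would surface later as a provider-availability assertion with no hint at the cause. Wrapping the call as `if (!TEST_ptr(defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy"))) return 0;` reports it where it happens. The cleanup of `cert` and `privkey` on that path would need to match the error return just above, which lies partly outside the hunk.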
@@ -121,8 +145,5 @@ int setup_tests(void)
 
 void cleanup_tests(void)
 {
-    /* TODO(3.0): Re-enable this code. See comment in setup_tests() */
-#if 0
     OSSL_PROVIDER_unload(defctxlegacy);
-#endif
 }

